1902eac6ce24ccf7ef3dc696cbed9ce0edf6c96366e2f6b5dbdba5033c5d4a3b | Triage

Sharing

General

Target

1902eac6ce24ccf7ef3dc696cbed9ce0edf6c96366e2f6b5dbdba5033c5d4a3b
Size

56KB
Sample

241120-w945lawjep
MD5

0479c2b6acbad3d0e25e55305b9bf171
SHA1

f1c23dd6690644afe8540db037c4bcb4eb9d8160
SHA256

1902eac6ce24ccf7ef3dc696cbed9ce0edf6c96366e2f6b5dbdba5033c5d4a3b
SHA512

a4d89599aaf6a80345f2fffa12eb043f58dce5d74a7bc57bfe1c7bcdbc76a1f44db701339dca30922338fa3156d9165dc57c845f2860f1988ef984051e6ebaa8
SSDEEP

1536:VsKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgx5G9XSZ4XsvC:aKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgW

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://dharian.org/_sharedtemplates/D3QgytUZsO7korYQrG/

xlm40.dropper

http://digitalripple.com/scripts/4ovLPfq/

Targets

- Target
  
  1902eac6ce24ccf7ef3dc696cbed9ce0edf6c96366e2f6b5dbdba5033c5d4a3b
- Size
  
  56KB
- MD5
  
  0479c2b6acbad3d0e25e55305b9bf171
- SHA1
  
  f1c23dd6690644afe8540db037c4bcb4eb9d8160
- SHA256
  
  1902eac6ce24ccf7ef3dc696cbed9ce0edf6c96366e2f6b5dbdba5033c5d4a3b
- SHA512
  
  a4d89599aaf6a80345f2fffa12eb043f58dce5d74a7bc57bfe1c7bcdbc76a1f44db701339dca30922338fa3156d9165dc57c845f2860f1988ef984051e6ebaa8
- SSDEEP
  
  1536:VsKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgx5G9XSZ4XsvC:aKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgW
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2